stretchnate / budget_app


Implement password hashing #4

Open stretchnate opened 8 years ago

stretchnate commented 8 years ago

Something like PHPass or equivalent. Just needs to be better than MD5 hashing.

bill-c-martin commented 8 years ago

Rails has built-in bcrypt support in it, which seems to be the default. It's supposed to be much stronger than SHA-x and MD5, and also is slow-running, not fast like those other two. PHPass defaults to bcrypt, and it looks like it's basically a clean wrapper for PHP's built-in, messy bcrypt support. So I think PHPass is a great idea.
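The move away from MD5 discussed in this thread, as an added example that is not part of the issue or of budget_app's code: existing MD5 rows are verified once at login and replaced with a bcrypt hash. It uses PHP's built-in `password_hash()` API rather than PHPass, and assumes the legacy column holds an unsalted hex `md5()` digest; the function names and the cost value are hypothetical.

```php
<?php
// Added example, not code from budget_app. Assumes legacy rows hold an
// unsalted hex md5() digest; function names and cost are hypothetical.

const BCRYPT_OPTIONS = ['cost' => 12];

function hash_new_password(string $password): string
{
    // password_hash() generates a random salt and embeds it, with the cost,
    // in the returned string. bcrypt only reads the first 72 bytes of input.
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
}

/**
 * Returns [bool $ok, ?string $replacementHash].
 * A non-null $replacementHash should overwrite the stored value.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // Constant-time comparison of the legacy digest.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return [false, null];
        }
        // Correct password: upgrade the row to bcrypt now.
        return [true, hash_new_password($password)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if the stored hash uses an older algorithm or a lower cost.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)
        ? hash_new_password($password) : null;
    return [true, $new];
}

// Constructed sample data: one legacy row, then the upgraded row.
$legacy = md5('correct horse');
[$ok, $upgraded] = verify_and_upgrade('correct horse', $legacy);
var_dump($ok, is_legacy_md5($upgraded));
[$rejected] = verify_and_upgrade('wrong guess', $legacy);
var_dump($rejected);
[$okAgain, $rehash] = verify_and_upgrade('correct horse', $upgraded);
var_dump($okAgain, $rehash);
```

Accounts that never log in again keep their MD5 digest under this scheme, so those rows still need a forced reset or another migration step.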